#255 ✓resolved
Ian Woods

libimobiledevice / libusbmuxd can't differentiate between restore mode iPhones

Reported by Ian Woods | March 7th, 2012 @ 05:31 PM

I've been using libimobilerestore with multiple devices at the same time. It gets confused mid-process when it tries to find the device it's just put into restore mode when there are multiple restore-mode devices.

The root cause of the problem is that restore mode devices list their UUID as "ffffffffffffffffffffffffffffffffffffffff" which collides with other restore mode devices.

The interface for libimobiledevice lists devices only by UUID. Under normal circumstances, this would be fine but restore-mode devices will collide.

The interface to libusbmuxd is 'okay' in that listing devices gives the actual device list. Unfortunately, the function usbmuxd_get_device_by_uuid() is commonly used by clients, passing in a 'real' UUID or a UUID from usbmuxd_get_device_list().

I've applied a quick and hacky fix for this case by detecting the "ffff..." case in usbmuxd_get_device_list, by substituting the least-significant UUID values with the device_id to restore uniqueness:

Patch file for libusbmuxd.c is attached. This is a diff from the current source in the git repository.

It's a simple solution which doesn't require any changes to the interface or the clients in order to handle this case... though it is admittedly quite hacky.

A better approach might be to modify idevice_get_device_list() and idevice_new() to handle this collision case. For example:

  1. idevice_get_device_list() could append ":deviceid" to the "ffff..." uuids of restore mode devices.
  2. idevice_new() could detect that kind of 'UUID' and instead of calling usbmuxd_get_device_by_uuid() could request the device by device-id.

The 'full and proper fix' would be to change the interface of idevice_get_device_list(), but this would also require changes for all users of libimobiledevice... or at least those that operate on recovery mode devices.

Any particular preferences for how this should be fixed?
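The two-step proposal above (suffix the "ffff..." placeholder with the device id when listing, then resolve that suffixed form by device id) can be sketched as follows. This is an added example, not code from the ticket, the attached patch, or libusbmuxd/libimobiledevice; `struct mux_dev`, `list_id`, `find_dev` and the sample device ids are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PLACEHOLDER "ffffffffffffffffffffffffffffffffffffffff"
/* Hypothetical stand-in for a usbmuxd device record (not the library's struct). */
struct mux_dev { int device_id; char uuid[64]; };
/* Constructed sample: two restore-mode devices plus one with a real UDID. */
static const struct mux_dev SAMPLE[] = { {70, PLACEHOLDER}, {71, PLACEHOLDER},
    {72, "0123456789abcdef0123456789abcdef01234567"} };
/* Step 1: ID handed to clients; placeholder UUIDs get ":<device_id>" appended. */
void list_id(const struct mux_dev *d, char *out, size_t n)
{
    if (strcmp(d->uuid, PLACEHOLDER) == 0)
        snprintf(out, n, "%s:%d", d->uuid, d->device_id);
    else
        snprintf(out, n, "%s", d->uuid);
}

/* Step 2: resolve an ID; NULL if it is unknown, malformed or ambiguous. */
const struct mux_dev *find_dev(const struct mux_dev *devs, size_t count, const char *id)
{
    size_t plen = strlen(PLACEHOLDER);
    const struct mux_dev *hit = NULL;
    char *end;
    if (strncmp(id, PLACEHOLDER, plen) == 0 && id[plen] == ':') {
        if (!isdigit((unsigned char)id[plen + 1])) return NULL; /* no sign/space */
        long want = strtol(id + plen + 1, &end, 10);
        for (size_t i = 0; *end == '\0' && i < count; i++)
            if (devs[i].device_id == want && !strcmp(devs[i].uuid, PLACEHOLDER))
                return &devs[i];
        return NULL;
    }
    for (size_t i = 0; i < count; i++)
        if (strcmp(devs[i].uuid, id) == 0) {
            if (hit) return NULL; /* bare ID matches several devices: refuse to guess */
            hit = &devs[i];
        }
    return hit;
}

int main(void)
{
    char id[64];
    for (size_t i = 0; i < 3; i++) {
        list_id(&SAMPLE[i], id, sizeof id);
        printf("%s -> device_id %d\n", id, find_dev(SAMPLE, 3, id)->device_id);
    }
    return 0;
}
```

A lookup by the bare placeholder returns NULL when two restore-mode devices are attached, so a client fails visibly instead of silently connecting to whichever device happens to be listed first.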

Comments and changes to this ticket

  • Martin S.

    Martin S. March 23rd, 2012 @ 05:58 PM

    Hi, could you explain under which device model and iOS version you have seen this?

    Testing restore mode here yielded no such issue.

    The device is listed fine as the USB device descriptor serial number field contains the device's UDID and thus one is able to access a specific device just fine.

    Also running "idevice_id -l" shows the device's correct UDID just fine.

    UUID is bad wording, we'll probably rename everything to UDID (as we just did in libimobiledevice) which is more correct.

  • Ian Woods

    Ian Woods March 26th, 2012 @ 11:24 AM

    Hi Martin,

    Looking at it again, I have to get a device into a certain state for this to occur. This state seems to be a "broken firmware" state where it boots straight into recovery mode. I've been able to get iPhone 4 and iPhone 3GS devices into this state intermittently.

    1. iPhone 4 devices get into this state if they are flashed with idevicerestore and the process fails at the baseband update stage. I've seen this with iOS 5.0.1 and can get devices into this state with iOS 5.1.

    2. I'm pretty sure I've seen this with 3GS devices and iOS 5.0.1. I don't have a 3GS at the moment to try and get it into this state.

    3. Once a device is in this "broken firmware" state, it remains so until I successfully flash a new firmware to it.

    4. When I have two or more devices in this state, this collision causes problems in idevicerestore when it tries to connect to devices.

    Here's the beginning of the output of idevicerestore when I have a single iPhone 4 device in this state, with iOS 5.1 IPSW. I've added some debug output to usbmuxd_get_device_list and idevice_get_device_list to show the list of devices.

    $ sudo idevicerestore --ecid 0000006BC0110DAD -e iPhone3,1_5.1_9B176_Restore.ipsw
    NOTE: using cached version data
    opening device 05ac:1281...
    opening device 05ac:1281...
    found device with ECID 0000006bc0110dad
    Setting to configuration 1
    Setting to interface 0:0
    Found device in Recovery mode
    opening device 05ac:1281...
    opening device 05ac:1281...
    found device with ECID 0000006bc0110dad
    Setting to configuration 1
    Setting to interface 0:0
    INFO: device serial number is DNPGGEH8DP0N
    Identified device as iPhone3,1
    Extracting BuildManifest from IPSW
    ERROR: zip_name_locate: BuildManifesto.plist
    Product Version: 5.1
    Product Build: 9B176
    Variant: Customer Erase Install (IPSW)
    This restore will erase your device data.
    Found ECID 462783843757
    Trying to fetch new SHSH blob
    Sending TSS request... received SHSH blobs
    Extracting filesystem from IPSW
    [==================================================] 100.0% iBEC will be signed
    Extracting iBEC.n90ap.RELEASE.dfu
    Signing iBEC.n90ap.RELEASE.dfu
    reconstructed size: 244249
    Sending iBEC (244249 bytes)...
    [==================================================] 100.0% opening device 05ac:1281...
    opening device 05ac:1281...
    found device with ECID 0000006bc0110dad
    Setting to configuration 1
    Setting to interface 0:0
    irecv_get_nonce: got length: 46
    irecv_get_nonce: buf=' NONC:B17FC8F3FC1CB908CCBCFBA067CE4275CB47F8C3'
    Nonce: b1 7f c8 f3 fc 1c b9 08 cc bc fb a0 67 ce 42 75 cb 47 f8 c3
    Trying to fetch new SHSH blob
    Sending TSS request... received SHSH blobs
    Sending APTicket (2764 bytes)
    [==================================================] 100.0% Sending AppleLogo...
    AppleLogo will be signed
    Extracting applelogo@2x.s5l8930x.img3
    Signing applelogo@2x.s5l8930x.img3
    reconstructed size: 15193
    Sending AppleLogo (15193 bytes)...
    [==================================================] 100.0% RestoreRamDisk will be signed
    Extracting 038-1813-172.dmg
    Signing 038-1813-172.dmg
    reconstructed size: 17283417
    Sending RestoreRamDisk (17283417 bytes)...
    [==================================================] 100.0% RestoreDeviceTree will be signed
    Extracting DeviceTree.n90ap.img3
    Signing DeviceTree.n90ap.img3
    reconstructed size: 62297
    Sending RestoreDeviceTree (62297 bytes)...
    [==================================================] 100.0% RestoreKernelCache will be signed
    Extracting kernelcache.release.n90
    Signing kernelcache.release.n90
    reconstructed size: 6452121
    Sending RestoreKernelCache (6452121 bytes)...
    [==================================================] 100.0% About to restore device...
    waiting for device...
    trying to connect...
    usbmuxd_get_device_list: error opening socket!
    DEBUG: idgdl returned 0 devices
    usbmuxd_get_device_list: error opening socket!
    DEBUG: idgdl returned 0 devices
    usbmuxd_get_device_list: error opening socket!
    DEBUG: idgdl returned 0 devices
    DEBUG: usbmuxd_get_device_list has 1 devices
    DEBUG: device 0 has uuid ffffffffffffffffffffffffffffffffffffffff
    DEBUG: idgdl returned 1 devices
    DEBUG: device 0 has id ffffffffffffffffffffffffffffffffffffffff
    DEBUG: usbmuxd_get_device_list has 1 devices
    DEBUG: device 0 has uuid ffffffffffffffffffffffffffffffffffffffff
    Connecting now
    DEBUG: usbmuxd_get_device_list has 1 devices
    DEBUG: device 0 has uuid ffffffffffffffffffffffffffffffffffffffff
    Connected to com.apple.mobile.restored, version 12
    Device has successfully entered restore mode
    Partition NAND device (28)

    When a device is in this state, the USB device output in syslog says:

    [10247.342553] usb 1-6: USB disconnect, address 67 [10250.744061] usb 1-6: new high speed USB device using ehci_hcd and address 69 [10250.878149] usb 1-6: New USB device found, idVendor=05ac, idProduct=1281 [10250.878156] usb 1-6: New USB device strings: Mfr=2, Product=3, SerialNumber=4 [10250.878161] usb 1-6: Product: Apple Mobile Device (Recovery Mode) [10250.878165] usb 1-6: Manufacturer: Apple Inc. [10250.878170] usb 1-6: SerialNumber: CPID:8930 CPRV:20 CPFM:03 SCEP:02 BDID:00 ECID:0000006BC0110DAD IBFL:02 SRNM:[DNPGGEH8DP0N] [10250.878349] usb 1-6: configuration #1 chosen from 1 choice

    ... and when idevicerestore is waiting for the device to reboot and appear (when it reports "About to restore device... waiting for device..."):

    [10263.337934] usb 1-6: USB disconnect, address 69 [10282.180057] usb 1-6: new high speed USB device using ehci_hcd and address 70 [10282.317402] usb 1-6: New USB device found, idVendor=05ac, idProduct=1297 [10282.317409] usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [10282.317414] usb 1-6: Product: iPhone [10282.317418] usb 1-6: Manufacturer: Apple Inc. [10282.317422] usb 1-6: SerialNumber: ffffffffffffffffffffffffffffffffffffffff [10282.317592] usb 1-6: configuration #2 chosen from 4 choices

    When the device is in this state, "idevice_id -l" reports the uuid as the "fff..." string.

    When I have iPhone 4 devices in this state, I get collisions in the "uuid" and this causes problems when two (or more) idevicerestore processes reach the "trying to connect..." phase.

    Is there any other information that might be useful?

  • Ian Woods

    Ian Woods March 26th, 2012 @ 11:31 AM

    Crap, sorry about the formatting problems. The syslog output at the bottom should be:

    When a device is in this state, the USB device output in syslog says:

    usb 1-6: USB disconnect, address 67
    usb 1-6: new high speed USB device using ehci_hcd and address 69
    usb 1-6: New USB device found, idVendor=05ac, idProduct=1281
    usb 1-6: New USB device strings: Mfr=2, Product=3, SerialNumber=4
    usb 1-6: Product: Apple Mobile Device (Recovery Mode)
    usb 1-6: Manufacturer: Apple Inc.
    usb 1-6: SerialNumber: CPID:8930 CPRV:20 CPFM:03 SCEP:02 BDID:00 ECID:0000006BC0110DAD IBFL:02 SRNM:[DNPGGEH8DP0N]
    usb 1-6: configuration #1 chosen from 1 choice
    

    ... and when idevicerestore is waiting for the device to reboot and appear (when it reports "About to restore device... waiting for device..."):

    usb 1-6: USB disconnect, address 69
    usb 1-6: new high speed USB device using ehci_hcd and address 70
    usb 1-6: New USB device found, idVendor=05ac, idProduct=1297
    usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
    usb 1-6: Product: iPhone
    usb 1-6: Manufacturer: Apple Inc.
    usb 1-6: SerialNumber: ffffffffffffffffffffffffffffffffffffffff
    usb 1-6: configuration #2 chosen from 4 choices
    
  • Martin S.

    Martin S. May 17th, 2012 @ 03:51 PM

    Closing as git master should fix the reported issue.
    Please reopen if needed.


A project around supporting the iPhone in Linux.

See http://libimobiledevice.org
